1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sendenvelopecmd_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "core_service_stub.h"
26 #include "napi_util.h"
27 #include "system_ability_definition.h"
28 #include "tel_event_handler.h"
29 #include "unistd.h"
30 #include "tel_ril_manager.h"
31
32 using namespace OHOS::Telephony;
33 namespace OHOS {
34 static bool g_isInited = false;
35 constexpr int32_t SLOT_NUM = 2;
36 constexpr int32_t SLEEP_TIME_SECONDS = 3;
37 constexpr int32_t NETWORK_CAPABILITY_TYPE = 2;
38 constexpr int32_t NETWORK_CAPABILITY_STATE = 2;
39
IsServiceInited()40 bool IsServiceInited()
41 {
42 if (!g_isInited) {
43 DelayedSingleton<CoreService>::GetInstance()->OnStart();
44 if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
45 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
46 g_isInited = true;
47 }
48 }
49 return g_isInited;
50 }
51
GetUniqueDeviceId(const uint8_t * data,size_t size)52 void GetUniqueDeviceId(const uint8_t *data, size_t size)
53 {
54 if (!IsServiceInited()) {
55 return;
56 }
57
58 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
59 MessageParcel dataMessageParcel;
60 dataMessageParcel.WriteInt32(slotId);
61 dataMessageParcel.WriteBuffer(data, size);
62 dataMessageParcel.RewindRead(0);
63 MessageParcel reply;
64 DelayedSingleton<CoreService>::GetInstance()->OnGetUniqueDeviceId(dataMessageParcel, reply);
65 }
66
GetMeid(const uint8_t * data,size_t size)67 void GetMeid(const uint8_t *data, size_t size)
68 {
69 if (!IsServiceInited()) {
70 return;
71 }
72
73 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
74 MessageParcel dataMessageParcel;
75 dataMessageParcel.WriteInt32(slotId);
76 dataMessageParcel.WriteBuffer(data, size);
77 dataMessageParcel.RewindRead(0);
78 MessageParcel reply;
79 DelayedSingleton<CoreService>::GetInstance()->OnGetMeid(dataMessageParcel, reply);
80 }
81
GetBasebandVersion(const uint8_t * data,size_t size)82 void GetBasebandVersion(const uint8_t *data, size_t size)
83 {
84 if (!IsServiceInited()) {
85 return;
86 }
87
88 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
89 MessageParcel dataMessageParcel;
90 dataMessageParcel.WriteInt32(slotId);
91 dataMessageParcel.WriteBuffer(data, size);
92 dataMessageParcel.RewindRead(0);
93 MessageParcel reply;
94 DelayedSingleton<CoreService>::GetInstance()->OnGetBasebandVersion(dataMessageParcel, reply);
95 }
96
SetNetworkCapability(const uint8_t * data,size_t size)97 void SetNetworkCapability(const uint8_t *data, size_t size)
98 {
99 if (!IsServiceInited()) {
100 return;
101 }
102 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
103 int32_t networkCapabilityType = static_cast<int32_t>(*data % NETWORK_CAPABILITY_TYPE);
104 int32_t networkCapabilityState = static_cast<int32_t>(*data % NETWORK_CAPABILITY_STATE);
105 MessageParcel dataMessageParcel;
106 MessageParcel reply;
107 dataMessageParcel.WriteInt32(slotId);
108 dataMessageParcel.WriteInt32(networkCapabilityType);
109 dataMessageParcel.WriteInt32(networkCapabilityState);
110 int32_t error = DelayedSingleton<CoreService>::GetInstance()->OnSetNetworkCapability(dataMessageParcel, reply);
111 if (error != ERR_NONE) {
112 TELEPHONY_LOGE("SetNetworkCapability failed, error code is %{public}d \n", error);
113 }
114 }
115
GetNetworkCapability(const uint8_t * data,size_t size)116 void GetNetworkCapability(const uint8_t *data, size_t size)
117 {
118 if (!IsServiceInited()) {
119 return;
120 }
121
122 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
123 int32_t networkCapabilityType = static_cast<int32_t>(*data % NETWORK_CAPABILITY_TYPE);
124 int32_t networkCapabilityState = static_cast<int32_t>(*data % NETWORK_CAPABILITY_STATE);
125 MessageParcel dataMessageParcel;
126 MessageParcel reply;
127 dataMessageParcel.WriteInt32(slotId);
128 dataMessageParcel.WriteInt32(networkCapabilityType);
129 dataMessageParcel.WriteInt32(networkCapabilityState);
130 int32_t error = DelayedSingleton<CoreService>::GetInstance()->OnGetNetworkCapability(dataMessageParcel, reply);
131 if (error != ERR_NONE) {
132 TELEPHONY_LOGE(
133 "GetNetworkAbilitySwitch failed, error code is %{public}d \n, networkCapabilityState is %{public}d", error,
134 networkCapabilityState);
135 }
136 }
137
GetOperatorNumeric(const uint8_t * data,size_t size)138 void GetOperatorNumeric(const uint8_t *data, size_t size)
139 {
140 if (!IsServiceInited()) {
141 return;
142 }
143
144 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
145 MessageParcel dataMessageParcel;
146 dataMessageParcel.WriteInt32(slotId);
147 dataMessageParcel.WriteBuffer(data, size);
148 dataMessageParcel.RewindRead(0);
149 MessageParcel reply;
150 DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorNumeric(dataMessageParcel, reply);
151 }
152
GetResidentNetworkNumeric(const uint8_t * data,size_t size)153 void GetResidentNetworkNumeric(const uint8_t *data, size_t size)
154 {
155 if (!IsServiceInited()) {
156 return;
157 }
158
159 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
160 MessageParcel dataMessageParcel;
161 dataMessageParcel.WriteInt32(slotId);
162 dataMessageParcel.WriteBuffer(data, size);
163 dataMessageParcel.RewindRead(0);
164 MessageParcel reply;
165 DelayedSingleton<CoreService>::GetInstance()->OnGetResidentNetworkNumeric(dataMessageParcel, reply);
166 }
167
GetOperatorName(const uint8_t * data,size_t size)168 void GetOperatorName(const uint8_t *data, size_t size)
169 {
170 if (!IsServiceInited()) {
171 return;
172 }
173
174 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
175 MessageParcel dataMessageParcel;
176 dataMessageParcel.WriteInt32(slotId);
177 dataMessageParcel.WriteBuffer(data, size);
178 dataMessageParcel.RewindRead(0);
179 MessageParcel reply;
180 DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorName(dataMessageParcel, reply);
181 }
182
SendEnvelopeCmd(const uint8_t * data,size_t size)183 void SendEnvelopeCmd(const uint8_t *data, size_t size)
184 {
185 if (!IsServiceInited()) {
186 return;
187 }
188
189 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
190 std::string cmd(reinterpret_cast<const char *>(data), size);
191 MessageParcel dataMessageParcel;
192 dataMessageParcel.WriteInt32(slotId);
193 dataMessageParcel.WriteString(cmd);
194 dataMessageParcel.RewindRead(0);
195 MessageParcel reply;
196 DelayedSingleton<CoreService>::GetInstance()->OnSendEnvelopeCmd(dataMessageParcel, reply);
197 }
198
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)199 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
200 {
201 if (data == nullptr || size == 0) {
202 return;
203 }
204
205 GetUniqueDeviceId(data, size);
206 GetMeid(data, size);
207 GetBasebandVersion(data, size);
208 GetOperatorNumeric(data, size);
209 GetOperatorName(data, size);
210 SendEnvelopeCmd(data, size);
211 GetNetworkCapability(data, size);
212 SetNetworkCapability(data, size);
213 GetResidentNetworkNumeric(data, size);
214 auto telRilManager = std::static_pointer_cast<TelRilManager>(
215 DelayedSingleton<CoreService>::GetInstance()->telRilManager_);
216 if (telRilManager == nullptr || telRilManager->handler_ == nullptr) {
217 return;
218 }
219 auto handler = telRilManager->handler_;
220 if (handler != nullptr) {
221 handler->RemoveAllEvents();
222 handler->SendEvent(0, 0, AppExecFwk::EventQueue::Priority::HIGH);
223 sleep(SLEEP_TIME_SECONDS);
224 }
225 telRilManager->handler_->ClearFfrt(false);
226 telRilManager->handler_->queue_ = nullptr;
227 return;
228 }
229 } // namespace OHOS
230
231 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)232 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
233 {
234 OHOS::AddCoreServiceTokenFuzzer token;
235 return 0;
236 }
237
238 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)239 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
240 {
241 /* Run your code on data */
242 OHOS::DoSomethingInterestingWithMyAPI(data, size);
243 OHOS::DelayedSingleton<CoreService>::DestroyInstance();
244 return 0;
245 }
246